
General

  • Target: CleanUp.dll
  • Size: 3.9MB
  • Sample: 240227-3z53gaef7x
  • MD5: e2715eea093952fe0f86212acc67c54a
  • SHA1: f859f8db122bfb7ac742639d4cf44167f70e44ce
  • SHA256: 26f213e18d20aba53ef25ef1064434474c1bf563a1671217698177177603950f
  • SHA512: 34a5dfb4c726e208159983040c0ae91e859a215080624bac1e0f9357cfe3cc6d5f5203b774fe3e881622e80c890e8ef54880109ccd348245a535e30fe870cca2
  • SSDEEP: 98304:q9BpQLAgp0PSjNTVq3WhaQTZBGK82IM0Nm:Eovp0WEgBR8M

Malware Config

Targets

    • Target: CleanUp.dll
    • Size: 3.9MB


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables with the OEM ID VBOX__ under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; enumerating these keys fingerprints the hypervisor so the sample can change its behaviour inside a sandbox.

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System are often read in order to detect sandboxing environments: values containing VBOX, VirtualBox, QEMU or BOCHS give the virtualisation platform away.

    • Registers COM server for autorun

      Writing a DLL path into a CLSID's InprocServer32 value makes that DLL load whenever the COM class is instantiated, which gives persistence without touching the usual Run keys.

    • Checks whether UAC is enabled

      Typically a read of EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the result decides whether an elevation or UAC-bypass path is worth attempting.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      A call to NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the calling thread from delivering debug events, so an attached debugger no longer sees breakpoints or exceptions raised by it; a classic anti-debugging measure.
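The registry-based checks behind the VirtualBox, BIOS, UAC and COM-server signatures above can be reproduced from inside an analysis VM to see what this sample would learn about the host. The script below is an added example written for this page, not code from the tria.ge report or from the sample; the key paths and marker strings are the ones commonly consulted by anti-VM code (assumptions, not values recovered from CleanUp.dll), and the HKCU CLSID listing is a generic hunt for user-writable InprocServer32 entries rather than the exact key this sample writes.

```powershell
# Added example (not from the tria.ge report or the sample). Run inside the analysis VM
# to list the host fingerprints that the report's registry-based signatures rely on.
function Test-SandboxFingerprint {
    $hits = [System.Collections.Generic.List[string]]::new()

    # 1. "Identifies VirtualBox via ACPI registry values": VBOX__ OEM tables (assumed marker).
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $key = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $key) {
            Get-ChildItem $key -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -like 'VBOX*' } |
                ForEach-Object { $hits.Add("ACPI\$table\$($_.PSChildName) present") }
        }
    }

    # 2. "Checks BIOS information in registry": substring match on BIOS strings
    #    (marker list is the commonly used one, an assumption for this example).
    $bios    = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
    $markers = 'VBOX', 'VIRTUALBOX', 'INNOTEK', 'QEMU', 'BOCHS', 'VMWARE', 'VIRTUAL'
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
        # REG_MULTI_SZ comes back as a string array; flatten it before matching.
        $value = ($bios.$name | Out-String).ToUpperInvariant()
        foreach ($m in $markers) {
            if ($value -match $m) { $hits.Add("$name contains '$m'") }
        }
    }

    # 3. "Checks whether UAC is enabled": EnableLUA under the Policies\System key.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty $policy -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -ne 1) { $hits.Add("UAC disabled (EnableLUA=$lua): elevation checks are trivial here") }

    # 4. "Registers COM server for autorun": enumerate user-writable CLSID InprocServer32
    #    values, the location a DLL-based COM persistence lands in (generic hunt, not the
    #    specific CLSID used by this sample).
    $clsidRoot = 'HKCU:\Software\Classes\CLSID'
    if (Test-Path $clsidRoot) {
        Get-ChildItem $clsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
            $srv = "$clsidRoot\$($_.PSChildName)\InprocServer32"
            if (Test-Path $srv) {
                $dll = (Get-ItemProperty $srv -ErrorAction SilentlyContinue).'(default)'
                $hits.Add("HKCU CLSID $($_.PSChildName) -> $dll")
            }
        }
    }

    return $hits
}

$result = Test-SandboxFingerprint
if ($result.Count -eq 0) { 'no fingerprints found' } else { $result | ForEach-Object { "[!] $_" } }
```

Run it once on a freshly built VM and again after hardening (renamed ACPI tables, patched BIOS strings, UAC on): any line still printed is something the sample can use to decide it is being analysed. The anti-debugging signature (NtSetInformationThread with ThreadHideFromDebugger) is a runtime call rather than a registry read, so it is not covered by this script; catching it needs a hook or breakpoint on that API in the debugger or sandbox.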

MITRE ATT&CK Enterprise v15

Tasks